Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 819aa237 authored by Nick Pelly's avatar Nick Pelly Committed by The Android Open Source Project
Browse files

AI 144151: am: CL 144150 Fix heap corruption. 

  Take mutex in close(), and skip write path after turning bluetooth off.
  Original author: npelly
  Merged from: //branches/cupcake/...

Automated import of CL 144151
parent 34c594bd

libs/audioflinger/A2dpAudioInterface.cpp

+39 −11
Original line number Diff line number Diff line
@@ -99,9 +99,8 @@ status_t A2dpAudioInterface::setParameter(const char *key, const char *value) 
    if (strcmp(key, "a2dp_sink_address") == 0) {

        return mOutput->setAddress(value);

    }

    if (strcmp(key, "bluetooth_enabled") == 0 &&

        strcmp(value, "false") == 0) {

        return mOutput->close();

    if (strcmp(key, "bluetooth_enabled") == 0) {

        mOutput->setBluetoothEnabled(strcmp(value, "true") == 0);

    }



    return 0;
@@ -130,7 +129,10 @@ status_t A2dpAudioInterface::dump(int fd, const Vector<String16>& args) 
// ----------------------------------------------------------------------------



A2dpAudioInterface::A2dpAudioStreamOut::A2dpAudioStreamOut() :

    mFd(-1), mStandby(true), mStartCount(0), mRetryCount(0), mData(NULL)

    mFd(-1), mStandby(true), mStartCount(0), mRetryCount(0), mData(NULL),

    // assume BT enabled to start, this is safe because its only the

    // enabled->disabled transition we are worried about

    mBluetoothEnabled(true)

{

    // use any address by default

    strcpy(mA2dpAddress, "00:00:00:00:00:00");
@@ -166,7 +168,14 @@ ssize_t A2dpAudioInterface::A2dpAudioStreamOut::write(const void* buffer, size_t 
    Mutex::Autolock lock(mLock);



    size_t remaining = bytes;

    status_t status = init();

    status_t status = -1;



    if (!mBluetoothEnabled) {

        LOGW("A2dpAudioStreamOut::write(), but bluetooth disabled");

        goto Error;

    }



    status = init();

    if (status < 0)

        goto Error;
@@ -235,7 +244,26 @@ status_t A2dpAudioInterface::A2dpAudioStreamOut::setAddress(const char* address) 
    return NO_ERROR;

}



status_t A2dpAudioInterface::A2dpAudioStreamOut::setBluetoothEnabled(bool enabled)

{

    LOGD("setBluetoothEnabled %d", enabled);



    Mutex::Autolock lock(mLock);



    mBluetoothEnabled = enabled;

    if (!enabled) {

        return close_l();

    }

    return NO_ERROR;

}



status_t A2dpAudioInterface::A2dpAudioStreamOut::close()

{

    Mutex::Autolock lock(mLock);

    return close_l();

}



status_t A2dpAudioInterface::A2dpAudioStreamOut::close_l()

{

    if (mData) {

        a2dp_cleanup(mData);

libs/audioflinger/A2dpAudioInterface.h

+4 −1
Original line number Diff line number Diff line
@@ -88,7 +88,9 @@ private: 
        friend class A2dpAudioInterface;

                status_t    init();

                status_t    close();

                status_t    close_l();

                status_t    setAddress(const char* address);

                status_t    setBluetoothEnabled(bool enabled);



    private:

                int         mFd;
@@ -98,6 +100,7 @@ private: 
                char        mA2dpAddress[20];

                void*       mData;

                Mutex       mLock;

                bool        mBluetoothEnabled;

    };



    A2dpAudioStreamOut*     mOutput;